Several remotely-exploitable vulnerabilities in the Apache Web server have been reported. The reported vulnerabilities are:

A problem in the shared memory scoreboard that can be exploited to send
a signal as root to any process running on the system, causing a denial
of service. Any user who can execute code with the permissions of the
user id running Apache can exploit this vulnerability. This includes
users who can execute CGI applications and remote attackers that can
exploit bugs in CGI applications to execute code.

On systems that allow wildcard DNS lookups and have UseCanonicalName
set to off, Apache is vulnerable to a cross-site scripting attack
on the default 404 page. This attack can be used to execute code in
the viewer's Web browser.

There are buffer overflows in ApacheBench which may be exploitable as
part of a denial-of-service attack and may, under some conditions, be
used to execute code with the permissions of the user running
ApacheBench.

It is highly recommended that users upgrade to version 1.3.27 of
Apache as soon as possible.

The mail application fetchmail is vulnerable to several buffer
overflows. One buffer overflow, in the code that parses the
"Received" portion of the header of an incoming email message, can be
exploited to execute code with the permissions of the user running
fetchmail (root, in some cases).

Users should upgrade fetchmail to version 6.1.0 as soon as possible,
and should consider disabling it until it this has been done.

unzip and tar are vulnerable to directory traversal problems that can
be used by an attacker to overwrite arbitrary files. An attacker can
place files that contain ".." in their path into a .tar file, and files
that start with a "/" in their path into a .zip file. unzip version
5.42 and GNU tar version 1.13.25 are reported to be vulnerable.

It is recommended that users upgrade to repaired versions of tar and
unzip as soon as possible. Red Hat has released updated packages for
unzip and tar. Users can also list the contents of a .zip file using
unzip -l filename and a .tar file using tar -tf filename prior to
extracting the files.

SMRSH, a restricted shell from the Sendmail Consortium, is reported to
be vulnerable to two attacks that can be used to bypass the shell
restrictions and execute commands on the system. An attacker must
have the ability to modify their .forward file before being able to
conduct these attacks.

The Sendmail Consortium has released a patch to SMRSH that protects
against these attacks and recommends that all affected users update
SMRSH.

The utility logsurfer is used to watch logfiles in real time and
perform actions based on a set of rules. logsurfer is vulnerable to a
buffer overflow and a problem with a uninitialized buffer.
logsurfer is only vulnerable to the buffer overflow when the pipe
action is used. The buffer overflow can be used in a denial-of-service attack against logsurfer, or possibly be exploitable to execute
arbitrary code as the user running logsurfer. The uninitialized
buffer can cause a line of data in the buffer to be read in as a
configuration statement.

It has been reported that ghostview and kghostview are vulnerable to
multiple buffer overflows that can be exploited using a carefully-crafted file. This will cause arbitrary code to be executed with the
permissions of the user viewing the file.

The WN Web server is vulnerable to a buffer overflow in the code that
parses the GET request. This buffer overflow can be exploited by a
remote attacker to execute arbitrary code with the permissions of the
user running WN. Versions 1.18.2 through 2.0.0 of WN are reported to
be vulnerable.

It is recommended that users upgrade to WN Server 2.4.4 as soon as
possible.

The rogue game is fantasy computer game. dm is a set group id games utility that is is used to wrap the execution of games. When rogue is
started using dm, it does not drop the game group id and can be
manipulated into giving the attacker group game permissions. A
script to automate the exploitation of this problem has been
released.

Affected users should disable the running of rogue by dm by editing
/etc/dm.conf until rogue is modified to drop the group permissions.